DMV-Themed Phishing Campaign Targeting U.S. Citizens
Check Point, Tuesday, June 17th, 2025
In May 2025, a sophisticated phishing campaign emerged, impersonating several U.S. state Departments of Motor Vehicles (DMVs). This campaign leveraged widespread SMS phishing (smishing) and deceptive web infrastructure to harvest personal and financial data from unsuspecting citizens.
Victims received alarming messages concerning unpaid toll violations and were directed to fake DMV websites that prompted them to resolve the issue by paying a nominal fine. These cloned websites requested extensive personal information and credit card credentials under the guise of verifying user identity.
Technical analysis of this campaign uncovered shared infrastructure, consistent domain naming conventions, reused frontend assets, and strong indicators pointing to a China-based threat actor. The widespread impact and impersonation of trusted state agencies underscore the urgency of awareness and proactive defense.